burncash.co
HTML metadata
Technology
- CDN
- Vercel
- CMS
- Next.js
Third-party hosts loaded (10)
- flagcdn.com×4
- challenges.cloudflare.com×2
- api.producthunt.com×1
- datafa.st×1
- fazier.com×1
- floorsjs.com×1
- launchigniter.com×1
- startuplist.ing×1
- tinylaunch.com×1
- yourwebsitescore.com×1
Social
DNS records live
- NS
-
- ns1.vercel-dns.com
- ns2.vercel-dns.com
- TXT
-
google-site-verification=JnF83Qye60VKdhF4_G4TOfU1G-y-uuVkG8kYK-2UjBU
Email authentication no MX
- SPF
- not published
- DMARC
-
v=DMARC1; p=none;policy: none (monitoring only) - DKIM
- no key found at common selectors
Certificate (current)
R12
Expires in 21 days
HTTP security headers
- present
-
- strict-transport-security
- content-security-policy
- x-frame-options
- x-content-type-options
- findings
-
- CSP allows unsafe inline scripts/styles
- missing Referrer Policy
- missing Permissions Policy
Header values
- x-frame-options
SAMEORIGIN- x-content-type-options
nosniff- content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://datafa.st https://floorsjs.com https://server.floorsjs.com https://esm.sh; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' https://datafa.st https://lprvjnoxgtmobmodidkz.supabase.co https://floorsjs.com wss://floorsjs.com https://server.floorsjs.com wss://server.floorsjs.com; frame-ancestors 'self'- strict-transport-security
max-age=63072000